NSX Network Virtualization basics

Video Statistics and Information

Captions
Hello, my name is Christopher Appell, and today I'd like to talk to you about network virtualization within the NSX product. As you can see here, I've got my vCenter loaded and I'm going to be M built; I'm going to show you a quick topology map. Within this topology map, the goal of our exercise today is we're going to create a virtualized network environment with a single DLR and a single ESG, so that stands for distributed logical router and edge services gateway. We're going to use a couple of BGP ASes to accommodate that. What you need to be aware of is everything in this topology that's a colored object, green and blue, that all exists within one ESXi host for this exercise. It's important to note that this is just demonstrating functional peering with an underlay, or physical network, which is represented by this gray object up here. This is by no means a best practices configuration exercise, but it will give you a good idea as to some of the things that you need to look out for if you want to actually do this in a live production environment. And with that, we'll get going.

So we get the basic vCenter view. I'm going to talk about the NSX components and the build pieces first, and then after that I'm going to show you some gotchas and some very useful commands within the network virtualization building blocks to troubleshoot and set objects. In order to do that, we're going to go to Networking and Security, and what this video assumes is that you actually have a deployed NSX Manager. So some of these original installation steps I'm going to breeze over. Based on the way I've provisioned, I'm not going to be going through these things, just a high-level overview. You need to have an NSX Manager affiliated with your vCenter. You need to have some NSX controllers built, and this is primarily because my zone is configured in unicast mode, which you'll see in a second. Host preparation must be complete and the VXLAN must be configured. The logical network preparation is important, so again just make sure that you see your vmknic for the VXLAN pool that you defined here, and more importantly, if this is a live production environment, you want to make sure that this is affiliated with something in your underlay that you could actually get to, because if VXLAN-to-VXLAN communication was occurring in multiple hosts, these things would need to talk to one another across the underlay in order to allow you to do the layer 2 over layer 3 communication.

We've got our segment IDs, and again, best practices, I'll mention it: if you're going to do a multi-vCenter environment, you want to make sure that if you're doing Universal, you have a universal segment ID pool. Segment ID is also synonymous to VNI, if you hear that terminology, and basically the takeaway is if you define a range on a vCenter, make sure that it's within a local range that is unique to that box, because one of the prerequisites is, if you were to define the same range across numerous vCenters and then wanted to do something universally with them, pretty sure there's a write-up that states that one of the first things you would need to remediate is a segment pool that you've defined, which is your VXLAN information. So again, to save yourself some heartache, just make sure that that's unique per vCenter.

And then you've got your transport zone. The transport zone, you can see, is in unicast mode, and the takeaway here is this is going to be the zone that we're using for our logical switches. I'm not going to show you how to set any of this stuff up; it's pretty straightforward. You can click this Add object, give it a name, affiliate it to the transport zone and define the mode, and it will automatically assign a segment ID from the range that was explained earlier, and it will walk it sequentially. In this particular exercise I've got a VM that has been configured on the test logical switch; we'll see that in a few.

So the goal of this exercise, again going back to the diagram: we're going to configure from the VM all the way up to the distributed logical router, then we're going to define an IP address for our control VM, and then we're going to configure our edge services gateway. I've already pre-configured the underlay, so the .1 in the AS 65k and associated information is here. If anybody is curious about what that information looks like, just so that if they wanted to do the piece of the underlay configuration as well to try this in their own lab, feel free to let me know and I will pass that information along.

So let me show you what I've done with the VM first. The VM, I've used the CSR 1000v. I popped a console to this, and all I want to show you, there's a few basic things. I've configured an IP address on this, so it's 2.2.2.2, and if I take a look at my route, I've configured a static route for 2.2.2.1. If I go back to this diagram, that kind of highlights that the VM is .2 and the distributed logical router has a logical interface, or LIF, configured with .1 on this subnet, and it's a /24 network, just to make things easy throughout the entire topology. So right now if I try to ping this, it's not going to work, and we're going to demonstrate that right now. Now be aware, and we'll go through this as we do the distributed logical router configuration, it's not supposed to ping at this time because the object does not exist. So the DLR does not exist; that's why the ping is not working. Another reason why the ping might not work is if you had the firewall enabled on that box, and I'll show you how to deliberately shut that off as well.

So let's start with the configuration of our DLR. You can see that I have one edge out here; just ignore this for now. This is on a host right now that I have in maintenance mode, so this doesn't apply. What I'm going to do for us is I'm going to create the distributed logical router. You see a radio button here for the logical distributed router. All you need to know is that the logical distributed router optimizes east-west traffic, which is going to be our VXLAN traffic for our workloads within our software-defined data center. If I were to do north-south traffic, the perimeter device going to the physical underlay network would be an edge services gateway. So let's give this a quick name. We're going to do the LDR first because this is what's going to be adjacent to our workload, or our virtual machine, which is another term for it, and we'll give it a name, something not very interesting. We'll call it DLR01, and I'll just copy that information and put it in the host name. What we want to do is we want to deploy an edge appliance. This kind of alludes to the fact that in order to support firewall or dynamic routing we would need to have an edge appliance. This is actually what's going to spin up your control VM for your DLR. If you decided not to do this, and I did this in another lab, what you would realize is you wouldn't be able to configure dynamic routing. If you don't enable dynamic routing, configuring protocols like OSPF and BGP just is not going to work, so keep that in mind.

We're going to click the next key, and again I'm just going to define a strong password. If you define too weak of a password, it's going to give you an error message. I'm going to enable SSH access just to make it easy. Click the next key. Now what I'm going to do is I'm going to go into the edge appliance and I'm going to select my cluster, I'm going to select my datastore, and host and folder aren't mandatory fields, but I'm going to click those just so you see me filling them out. I'm going to click the OK key. So everything's good so far. Now we've got our HA interface configuration, so we're going to put this on the transit interface, and we'll add our transit interface first, which is going to be our uplink. We'll connect that to transit. If we look at our diagram here, the transit is heading towards the edge services gateway, so our IP is going to be 3.3.3.1. All right, now we're going to add one more interface here. We're going to add our internal interface, which is for our test logical switch. I'll show the diagram here in a second. So test is going to be 2.2.2.1 for the distributed logical router, heading back down towards the workload. All right, it's internal and it's on the test logical switch; that's good. We're going to click Next, and we don't need a default gateway because we're going to be using dynamic routing. I'm going to click Next and then we're going to click Finish.

Right now we're just waiting for the VM to actually build, and I'll show you a few things that you need to do in order to complete the routing, and then we'll test connectivity from our workload to the distributed logical router to ensure that that piece is working. OK, so we're just going to click refresh here and see if this is done. Still says busy and it's still spinning here, so just wait a little bit. OK, so if it's healthy you should see it in a deployed state, so that's what we're going for. You see that it lists the logical router. We double-click on this; it's going to open up some additional information. If you want to validate your interface information, click on Interfaces. Interfaces is going to show you the local IP addresses of both boxes, as well as an interface with an uplink type, which again should always head towards your transit interface from the DLR to the ESG, and you've got a test interface which is heading down towards the workload, which is internal. So all this stuff looks good. You have a green checkmark indicating that the vNIC here is connected, which, if you weren't sure about that, you could click the edit key and you would see the connected status right here. So that's kind of a good visual indicator that that's connected.

What we're going to do is we're going to go to the firewall, and you can see that it's enabled right now. I'm going to disable the firewall and publish that, and then we're going to go into the routing information and do that really quick, and I'll explain the VM and how it's actually configured to communicate to the DLR and kind of show that process. So we're going to start under global configuration. We're not going to do ECMP in this exercise, but this would be useful if you wanted to increase the amount of bandwidth and your default routes coming out of your distributed logical router, useful if you have a number of edge services gateways, up to a maximum of 8. We're going to take our transit interface, which is our uplink, and this is always the first piece: you always need to define a router ID. If you don't do this and you try to go into the subsequent windows, what you're going to notice is it's going to give you errors, so just keep that in mind.

We're going to go into BGP and we're going to click Edit, disable graceful restart, and just enable BGP for now. We're not going to play with the default information originate here, and the main reason is because we're going to be actually learning that and not originating it within the environment; we're going to be learning it from the underlay. So this is not required, but what is required is the BGP autonomous system number that we are a part of, and you can see that's 65001. OK, so we're going to publish those changes, and the next change that you need to make is the neighbor relationship. So here's where things get a little bit interesting. When you see IP address, this is referring to the remote IP address that you're going to be peering with on your edge services gateway. So let's take a look at the diagram again. You can see that on our transit we're locally .1 and the edge services gateway is .2. All right, so we're going to peer with .2, 3.3.3.2. The forwarding address is always the IP address of our logical interface, and again, if you take a look at the diagram, you'll see that that's 3.3.3.1. So the terminology is a little confusing. If for whatever reason you mess the forwarding address up and it wasn't an interface that you actually created, you will get an error message. The protocol address is going to be the control VM. The control VM is going to be what's responsible for doing the BGP peering with the edge services gateway, so you can see that that is 3.3.3.100. And the remote AS: once again, the edge services gateway and the distributed logical router are all going to be within BGP AS 65001. Weight we're not going to mess with. We'll keep the keepalive and the hold down at the values that they're at right now. Just be aware that if you were in production you'd probably want quicker convergence, so if you want to see what that would look like, the best timers, I guess I could change those to make those one and three. Best practice is that it must match on the peer or you'll have horrible results. So we're going to click OK and we're going to publish those changes. So once again, if you're playing this back: the forwarding address is the address of the local box, the protocol address is the address of the control VM, the IP address is the remote IP that we're peering with. So that's summarized here once again.

Now we're going to go to route redistribution. This step is important because if you don't redistribute your connected routes, you won't receive the advertisements, so I'm going to show you how to do that right now. You can see in the summary we get a green check mark next to OSPF. We're not using that, so we're going to turn that off, and I'll turn redistribution on for BGP. OK, we'll publish that change really quick, and just to keep things very easy, and again not a best practices type of deal here, I'm going to click the plus button down here and I'm going to say I want to redistribute connected routes, any prefix, into BGP. Very self-explanatory. I'm going to publish those changes. I'm just going to clean up OSPF down here, and this completes the configuration of the distributed logical router for this particular exercise. You'll see that I have another network down here for prod and whatnot. I don't have a VM built on this right now, but this will fully demonstrate communication from your network virtualized environment, by the time we're done, to the physical underlay, which is the goal.

So now let's back up a little bit, and I'll go back into my VM, because we turned the firewall off, and I'm just going to ping my default gateway just to see if this works. So that's a good sign. That means that the distributed logical router to the workload, or again virtual machine because they're synonymous, is successful, so that's a good first start. We're going to take a quick look at the virtual machine, because I already showed you the VM configuration of the virtual router, but what you're really going to care about is the host itself. So if I go to the virtual machine and click on CCIE 2, what we're looking for here specifically is to make sure that the network adapter that's configured is on the test logical switch, because again this network adapter would be the logical switch that is being used and connected to the distributed logical router. You can see that I've connected the other three adapters to prod, but just keep that in mind: I've configured network adapter 1 as being on the 2 net, and the 2 net is configured to receive that as our logical interface, or LIF.

So let's complete this configuration. Let's go back to our Networking and Security, and we're going to stay right in NSX Edges, and I'm going to click the plus sign again. This time we're going to create an edge services gateway. The edge services gateway, again anti-climactic, we're just going to call it ESG01, host name is ESG01, and we'll keep the values at default, define our lengthy password again, and we'll enable that. We'll click Next. We'll do compact, and I'll fill all these values out again. Click Next, and it says OK, what interfaces are on this? Now this is where things change a little bit. Where the distributed logical router was an uplink interface because it's heading north, the edge services gateway on the transit interface is heading south, so on the edge services gateway this is an internal interface. We'll still call it the same thing though, just to keep in mind the basic names that we've decided to use. We'll make this transit, and we're going to take a look at our diagram, and we can see that we have an IP address of 3.3.3.2, so we'll configure that really quick, and a mask of 24, to 1600, and click OK. And then we're going to configure our uplink. Now this uplink is going to go to the physical network, so since it's heading north it is an uplink, so we're just going to say uplink-to-core, and the particular distributed port group that I'm using for this, this is going to be PCIe switch 1 to ESG 1, which is what we've configured. I just configured this ahead of time with an appropriate VLAN tag, and again all the underlay stuff is already configured. We'll set this to 1600 and click OK. So now we have the two interfaces that we need, except it needs an IP address, that's mandatory. So we're going to go up here, and we see that our uplink going to the physical underlay is 4.4.4.2. Now keep in mind I just chose arbitrary IP addresses. Yes, this is in the public IP space. I've got it basically isolated from the rest of my environment, so you'd probably want to use RFC 1918 space for this. Since we're in a lab we could pretty much do whatever we want. OK, once again not configuring the default gateway, skip the firewall, and we'll click Finish on the edge services gateway.

And now we're waiting for this to deploy again. So keep in mind, when you deploy the DLR with the control VM and the edge services gateway, that's going to create virtual machines that are going to show up in your hosts inventory, which I'll show you here in a second. I want to turn the firewall off on this first, complete the BGP configuration, and then I'll show you where those VMs actually live. OK, deployed, so that's good. So once again we're going to double-click on this. We'll start with the firewall. We're going to disable this and publish; that way, if we're trying to ping between devices, we don't need to worry about ICMP dropping things. Once again we can go into Settings, Interfaces, and you will see your two interfaces, one heading towards the distributed logical router and one heading towards the edge services gateway, both connected.

Now we're going to go into routing, and routing is very, very similar to the distributed logical router, so we're going to breeze through this. Once again it knows my uplink interface, so it's going to select that router ID, so I'll make that the router ID. Sometimes in my lab this happens, I'm not exactly sure why, but I click it again and then I get the publish changes that you should see. But yep, we obviously want to publish those. Again, not messing with ECMP. We're going to go into BGP now, click Edit, no graceful restart, enable BGP, and the local autonomous system number in common; we're doing iBGP south. So I'll click that to show you the diagram really quick. So once again we're still in 65001 here. Now we're going to add the neighbor, so we're going to add the neighbor going south first. The IP address here is super important: this does not go to the logical interface on your distributed logical router. The peering occurs between the edge services gateway and the control VM, so the IP for the peer we're going to define is going to go to 3.3.3.100. This is something that changes a little bit from the physical underlay, so if you come from a network engineering background that may seem a little strange at first, but just be aware that it's because they do, which is what we need to peer the routing protocol in the data plane. So once again we're going to define that as 3.3.3.100, and the remote AS again is 65001, and we'll drop those timers because we did for the other one, just to keep it consistent. We'll click OK. We'll publish that change.

But in this particular case we're not done yet. It's because this particular device has two BGP neighbors: it's going to have a BGP neighbor between these two devices, and it's going to have a BGP neighbor to the physical underlay up top. The remote AS for that particular box is 65,000, so let's take care of that really quick. The IP address of the remote is 4.4.4.1, and once again the AS is 65k, and we'll be consistent and get the fastest convergence time, so you get one and three, and click OK. Publish the changes and we're almost done. So if you can remember the last step from the distributed logical router, again we wanted to redistribute the directly connected, so we're going to redistribute to BGP and publish that, and in the route redistribution I'm going to say connected routes to BGP. We're going to publish. So this should be enough to satisfy criteria at this point to peer with the physical underlay and the distributed logical router.

But really quickly, let's go show you in the hosts and clusters the two virtual machines. You can tell that this is the control VM because this has the IP address of 3.3.3.100, which is our control VM, and then you get your edge services gateway. So now what we're going to do is we're going to actually open these things up. I'm going to click this to pop a console, and this is the same password that you defined in the setup of the box, that lengthy password that we had to do. So we're going to log into this really quick. OK, so we're on this box, and what we're going to do really quick is a very basic troubleshooting command for BGP. When you run this command, it's going to show you the upstream IP address, 3.3.3.2 in this particular example, and the BGP state that you are looking for always, should never ever deviate from this, should always be this: Established, up. If you see active, if you see connected, if you see idle, those are all bad codes. Established, up is what you are looking for. The other thing to take away also is that BGP uses port TCP 179, so TCP 179 would have to be allowed in order for this peering to occur also, so just keep that in mind. But the takeaway is we have a good BGP neighbor.

What we're going to further do to evaluate things is we're going to type in show ip route, and then notice a few cool things here. You're going to notice a B for any BGP-learned route. You could actually see that we're learning a default route, which is a good indication that we're actually learning things appropriately from the physical underlay, so big thumbs up there, means we're doing something right. And we're also learning the BGP route of 4.4.4, which is the network in common between the physical underlay and the edge services gateway, and that's mainly because we just redistributed the connected routes into BGP. So if I try to ping 4.4.4.1, which is the physical underlay, I should get a response. This will prove that communication to the physical underlay is good. So let's try it, and we're successful. From the VM we try to ping the physical underlay; once again it is successful.

We're going to go pop the console for the edge services gateway now and once again log in with our lengthy password. OK, same commands apply: show ip bgp neighbor. Two neighbors. All right, 3.3.3.100, edge services gateway to the distributed logical router control VM, Established, up; that's a good code. BGP neighbor 4.4.4.1 going to the physical underlay, Established, up, so again a good code. Type in show ip route, and you can see that we're learning a default route from our physical underlay as eBGP, and you could also see that we're learning 2.2.2, the logical switch between our logical router and our CCIE router VM. So I'm going to ping that really quick. Drop this down so we could actually see what we're doing here. You can see that I can ping the workload; that's good. I should also be able to ping the other side of this connection. I'll happen to ping something north that I should just follow default to get to, and you can see that I can ping that as well, so we're good.

If you wanted to get more granular and just look at the BGP routes, you could type in show ip route bgp, so if you don't want to look at all the other routes and just look at those, that'd be good. You'll see these numbers here next to the routes. Next to the default route you'll see a 20/0. You may hear that called metric; you may also hear it called administrative distance. This is a value local to the box. The only takeaway that you really need to take away from what you see here is if you see 20, 20 is eBGP, meaning the ASes are different between the two points, and when you see the number 200, that's a default value for iBGP. Mileage may vary; on Arista Networks I've actually noticed eBGP showing up as a value of 200, but the value of 20 being external and 200 being internal for BGP, that's consistent across Cisco equipment, just if you're curious.

We're going to take a look at our physical underlay really quick, and this is what we happen to be peering with. So I'll type in show ip bgp summary on switch 1. My inactive edge right now, you see a status code of active. Same thing applies in the physical underlay: if you don't see prefixes exchanging or whatnot, it means you're not in an established state, so even if you see prefixes is 0, you're established. But the takeaway with this command is you could see my router ID, my local AS and my neighbor IP address, so this is my edge services gateway right here. You can see that it's been active for about seven minutes. I'm going to try to ping the VM that I have in the environment. You can see that it's a hundred percent successful. Send a thousand ping packets at it and we are good.

So I hope that bridges the gap a little bit for people that have more of a networking background that are looking to do related concepts within the NSX product, where is released, which is wonderful. Hope you learned something from this, and let me know if there's anything else you'd like to see, and talk to you soon. Hope you had fun.
Info
Channel: Chris Appell
Views: 4,576
Rating: 5 out of 5
Keywords: NSX, VMware, Cisco
Id: euWtl4EY8h0
Length: 33min 15sec (1995 seconds)
Published: Mon Apr 17 2017